Cybersecurity/rmf Analyst - Washington Navy Yard, United States - Eursdale Companies, LLC

Description

• Assess the system effectiveness and compliance against National Institute of Standards and Technology (NIST) and DoD security requirements to include the NIST 80053A controls and Defense Information Systems (DISA) Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
• Research vulnerabilities, originating from various sources, for impacts and perform risk assessments of vulnerabilities and develop effective written mitigations to reduce felt risk.
• Produce evidence to support compliance status of NIST and DoD security requirements in an Amazon Web Services (AWS) environment.
• Develop, update, and review RMF documentation to include System Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports and interact with these documents in the Government eMASS system.
• Complete Navy RMF processes as identified in the RMF Process Guide (RPG) and Security Control Assessor (SCA) Risk Assessment Guide (RAG).
• Perform continuous monitoring activities.
• Comply with Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit Manual (FISCAM) Instructions.
• Required to use the automated RMF A&A tools, such as Enterprise Mission Assurance Support Service (eMASS), to complete and document DoD compliant RMF A&A activities.
• Oversee efforts to enhance security and reliability to ensure data shared with partner systems is properly protected.
• Provide weekly status reports and perform other related duties as assigned.

• Must have an Active SECRET DoD Security Clearance.
• Must have a Bachelor's Degree.
• Must have indepth knowledge of and will have successfully implemented NIST, DoD, and Navy Cybersecurity policies, guidance, and standards (e.g., DoDI , FIPS199, FIPS200, NIST SP 80037, NIST SP 80053, NIST SP 80053A, etc.).
• Must have experience with RMF/A&A and Cybersecurity policy development; explicitly Steps 4 (implement), 5 (assess), and 7 (monitor).
• Must perform independently and/or as part of a team to move the mission forward.
• Must communicate effectively in writing and verbally.
• Must be a selfstarter and take ownership, responsibility, and initiative for the successful and timely completion of all tasks and areas assigned.
• Must meet SECNAV M Cybersecurity Workforce Credential requirements of IAT or IAM Level III, one of the following certifications: Security + ce, Certified Information Security Manager (CISM); Certified Information Systems Security Professional (CISSP); CompTIA Advanced Security Practitioner (CASP+); or GIAC Security Leadership Certification (GSLC).
• Must balance multiple projects to meet tight deadlines and customer satisfaction.
• Preferred experience communicating, briefing, and working with senior level government and / or industry leadership.
• Preferred experience with large System Analysis Program (SAP) Enterprise Resource Planning (ERP) system cybersecurity.
• No travel anticipated.

• 401(k)
• 401(k)

• Dental insurance
• Health insurance
• Life insurance

• 3 years

• Monday to Friday
• Weekends as needed

• Cybersecurity: 3 years (required)

• Washington Navy Yard, DC required)